b'AAAAAAAAAAAAAAA\n\n\n\n\n                  U.S. Department of Energy\n                  Office of Inspector General\n                  Office of Audit Services\n\n\n\n\n  Audit Report\n\n Quality Assurance Standards for the\n Integrated Control Network at the\n Hanford Site\'s Waste Treatment\n Plant\n\n\n\n\n DOE/IG-0764                                    May 2007\n\x0c                               Departmsrrt of Energy\n                                   Washington, DC 20585\n\n                                   M a y 4,         2007\n\n\nMEMORANDUM FOR THE SECRETARY\n\nFROM:                      &*\n                           Greg ry H. Friedman\n                           Inspector General\n\nSUBJECT:                   INFORMATION: Audit Report on "Quality Assurance\n                           Standards for the Integrated Coiltrol Network at the Hanford\n                           Site\'s Waste Treatment Plant"\n\n\n\nIi1 oneof Ihe lai-gcst and illost impoi-krit of its environmental remediation projects, the\nDepartment of Energy is constructing a Waste Treatment Plant at its Hanford,\nWashington site. The $12.2 billion Plant is designed to treat and prepare for disposal 53\nmillion gallons of radioactive and chemically hazardous waste. In December 2000, the\nDepartment awarded a contract to Bechtel National, Inc. (Bechtel National) to design,\nbuild, and commission the Plant to immobilize radioactive waste into a stable form of\nglass. Under current plans, the resulting high-level waste is to be disposed of in the\nOffice of Civilian Radioactive Waste Management\'s geologc repository.\n\nBecause of the nature of the waste stream, the Waste Treatment Plant has been\ndesignated a Caregory I1 iluclear l \' d ~ i i i t ~AS\n                                                    . s ~ i h;i, i l i ~ sit l l ~qliality\n                                                                                   ~t      assurmcc\nstandards for nuclear facilities, which significantly exceed those required for commercial\nfacilities and equipment. The Plant design called for the installation of a computerized\nintegrated control network to monitor the operation of a number of key processes. In\nNovember 2001, Bechtel National awarded a subcontract to procure the control systen~,\nan essential component of the integrated network. This system provides central\ncommunications for the Plant\'s pumps, valves, and instruments, and the interfaces for\noperators to control Plant activities. The objective of the audit was to determine if the\nintegrated control network met appropriate quality assurance standards.\n\nRESULTS OF ALDIT\n\nThe Waste Treatment Plant control system acquired by the Department did not meet\napplicable quality assurance standards--specifically, those required for "an activity\naffecting the immobilization of radioactive high-level waste." Bechtel National\'s\nspecifications, which were approved by the Department, required the installation of a\ncontrol system that met quality assurance standards for nuclear facilities, or equivalent\nstandards. Yet, Bechtel National failed to impose parallel requirements on the\nsubcontractor which supplied the control system. As a result, the system does not meet\nthe stringent procedures, plans, specifications, or work practices associated with nuclear\nquality standards. Under the circumstances, we concluded that the Department cannot be\nsure that the Plant\'s current system is suitable for processing nuclear waste.\n\n\n\n                                  @     Printed with soy ink on recycled papel\n\x0cIn examining these issues, we noted a number of problems in the process used by Bechtel\nNational to procure the control system. Specifically, Bechtel National had not:\n\n   o    Perfonned a supplier evaluation to ensure that the subcontractor used appropriate\n        quality assurance standards given the system\'s functions;\n\n   \'P   Clearly set forth quality assurance standards to be applied during the procurement\n        process; and,\n\n   s    Consistently defined quality levels that were to be used for the Plant.\n\nWe concluded, as well, that Department officials had not taken necessary steps to assure\nthat Bechtel National\'s actions regarding the control system were consistent with Agency\nquality assurance standards. In fact, the Department was unaware of the nuclear quality\nassurance standards issue prior to our review.\n\nThe Department needs to address concerns that the control system will not perform as\nneeded and that quality assurance shortcomings could potentially impact the operation of\nother Waste Treatment Plant systems. These issues could significantly impact the\nschedule, cost and safety of the project. Depending on the results of further testing, the\nDepartment may have to commit substantial additional resources to either enhance the\nexisting control system to ensure that it meets the appropriate quality assurance\nstandards, or procure a new control system specifically designed to meet such standards.\n\nThe audit also disclosed that there was confusion within the Department as to whether its\nrecently adopted quality assurance standards for safety software applied to the Plant\'s\nintegrated control network. In Fiscal Year 2005, the Department issued Order 4 14.1i\',\nQuality Assu1-awe. Under the Order, safety software development is to meet the quality\nassurance standards for nuclear facilities, or equivalent standards, utilizing a graded\napproach, rather than the standards followed for commercial materials. To date, neither\nthe Department nor Bechtel National has determined whether the internal control\nnetwork\'s functions comprise safety software as defined by the Order. Toward the end of\nour audit, we were informed that the Department was undertaking a number of actions to\nreview the applicability of Order 414. lC, Quality Assuralzce, to the integrated control\nnetwork as well as to other systems at the Waste Treatment Plant.\n\nTo address the concerns raised during our audit, we recommended that senior\nEnvironmental Management officials conduct necessary tests to ensure that the control\nsystem for the integrated control network at the Waste Treatment Plant meets appropriate\nquality assurance standards; place significantly greater attention on the administration of\nthe Bechtel National contract with emphasis on a review of Bechtel National\'s\nprocurement system; and, determine if and the extent to which Departmental Order\n414.1C applies to the integrated control network.\n\nMANAGEMENT REACTION\n\nManagement, in responding to a draft of this report, indicated that it was reviewing\nBechtel National\'s engineering judgments regarding (1) the quality assurance\n\x0cclassification of the control system for integrated co~ltrolnetwork and (2) \\vllether the\nsystelll will meet Office of Civilian Radioactive Waste Management\'s waste acceptance\nrequirellleiits for the repository. It further stated that Bechtel National will be required to\nensure that the integrated control network meets recently imposed nuclear safety and\nquality assurance standards.\n\nThe actions proposed by management are responsive to our recommendations.\nManagement\'s comments and our detailed response are summarized in the body of the\nrepost.\n\nAttachment\n\ncc: Deputy Secretary\n    Acting Under Secretary of Energy\n    Assistant Secretary, Office of Environmental Management\n    Chief of Staff\n    Manager, Office of River Protection\n\x0cREPORT ON QUALITY ASSURANCE STANDARDS FOR THE\nINTEGRATED CONTROL NETWORK AT THE HANFORD SITE\'S\nWASTE TREATMENT PLANT\n\n\n\nTABLE OF\nCONTENTS\n\n\n  Standards for the Integrated Control Network at the Waste Treatment Plant\n\n  Details of Finding                                                          1\n\n  Recommendations and Comments                                                4\n\n\n  Appendices\n\n   1. Objective, Scope, and Methodology                                       7\n\x0cSTANDARDS FOR THE INTEGRATED CONTROL NETWORK AT THE\nWASTE TREATMENT PLANT\nBackground          In November 2001, Bechtel National issued a purchase order to\n                    procure a control system for the integrated control network at the\n                    Waste Treatment Plant (Plant). The integrated control network is\n                    an automated system that monitors the quality and safety of\n                    systems and processes of the Plant. The control system, which is a\n                    critical component of the integrated control network, monitors the\n                    status of pumps, mixers, and flow rates of the waste through the\n                    treatment process. Bechtel National identified the integrated\n                    control network as affecting the quality of immobilized high-level\n                    radioactive waste.\n\n                    Departmental Orders require the establishment of quality assurance\n                    programs over systems and operations. Bechtel National, in\n                    implementing the Department\'s quality assurance directives,\n                    concluded that the control system needed to meet quality assurance\n                    standards for nuclear facilities or equivalent because it affected the\n                    quality of immobilized high-level waste.\n\nApplication of      The control system ultimately procured by Bechtel National did\nQuality Assurance   not meet the required quality assurance standards. When Bechtel\nStandards           National issued the Request for Proposal, the specification required\n                    that the control system meet quality assurance standards for\n                    nuclear facilities. However, after the bids were received and the\n                    proposals evaluated, it was determined that none of the proposers\n                    had a system that could meet quality assurance standards for\n                    nuclear facilities, or equivalent standards. During the acquisition\n                    period, a change was being implemented in Bechtel National\xe2\x80\x99s\n                    quality assurance process which permitted the acquisition of\n                    certain systems from commercial suppliers. This change in\n                    procurement requirements was approved by the Department.\n                    Based on the contractor\'s interpretation of the revised\n                    requirements, Bechtel National awarded the control system\n                    contract to a commercial supplier. Bechtel National did not seek\n                    other avenues to acquire software which met nuclear facility\n                    standards, or equivalent internationally recognized standards.\n\n                    Although Bechtel National\'s revised quality assurance procedures\n                    allowed commercial materials in certain operations, the\n                    procurement of a commercial control system did not satisfy the\n                    requirement that items and services affecting the quality of\n                    immobilized high-level waste meet nuclear facility quality\n                    assurance standards. This higher standard was necessary to satisfy\n                    the Office of Civilian Radioactive Waste Management\'s\n                    (OCRWM) quality assurance requirements for disposing of\n                    immobilized high-level waste in its proposed geologic repository.\n\n\n\nPage 1                                                               Details of Finding\n\x0cProcurement   Inadequate Federal contract administration practices and\nPractices     weaknesses in Bechtel National\'s procurement process contributed\n              to numerous problems in the procurement of the control system.\n              Specifically, the Department failed to adequately monitor Bechtel\n              National\'s procurement of the control system as shown by its\n              approval of the contract award for a system that did not meet\n              applicable quality standards. We found no evidence during our\n              review that indicated the Department raised questions about the\n              suitability of the commercial grade control system for the Plant\'s\n              function of producing immobilized high-level waste.\n\n              We noted that Bechtel National had not (1) performed a supplier\n              evaluation; (2) clearly set forth quality assurance standards to be\n              followed; (3) consistently applied quality assurance requirements;\n              and, (4) appropriately documented key elements in the\n              procurement process.\n\n                                      Supplier Evaluation\n\n              Bechtel National did not perform an evaluation of the control\n              system supplier whose system could affect the quality of waste\n              generated by the Plant. In so doing, Bechtel National incurred the\n              risk of significant cost and schedule overruns in the event the\n              integrated control network failed to perform as intended. A\n              supplier evaluation ensures the application of a graded approach to\n              the quality criteria adhered to by the supplier. Bechtel National\'s\n              failure to perform the supplier evaluation conflicted with the\n              Department\'s quality assurance requirements.\n\n                                         Bid Selection\n\n              Also, we found no evidence to indicate that the individuals\n              involved in selecting the subcontractor were aware that bidders\n              needed to meet quality assurance standards applicable to nuclear\n              facilities. This may have occurred, in part, because Bechtel\n              National repeatedly revised documents supporting the acquisition\n              which obscured the requirement that nuclear facility standards\n              needed to be applied for the system.\n\n                       Consistent Application of Quality Requirements\n\n              Program and procurement personnel involved in the acquisition, in\n              addition, appear not to have understood that if the network, as a\n              whole, must meet nuclear standards, then component parts of the\n              network -- including the control system \xe2\x80\x93 must also meet these\n              standards. Currently, Bechtel National applies only commercial\n\n\n\nPage 2                                                        Details of Finding\n\x0c               quality assurance standards to the control system, a key component\n               and base layer of the integrated control network, even though the\n               network as a whole is required to meet the higher quality assurance\n               standards applicable to nuclear facilities.\n\n                                        Procurement Files\n\n               Other weaknesses were noted in Bechtel National\'s procurement\n               process. For example, under the procurement requirement, the\n               subcontractor of the control system was to provide a representation\n               concerning quality assurance matters. We found that this\n               document was erroneously completed by a Bechtel National\n               employee. Therefore, Bechtel National had no formal commitment\n               by the subcontractor to meet applicable quality program\n               requirements as specified in the engineering specification and\n               purchase order. In addition, many key procurement documents\n               were undated, limiting our ability to develop a timeline of the\n               sequence of events. The timeline would have assisted us in\n               determining of weaknesses in the procurement system.\n\n                                              ----\n\nAdditional     The Department revised its standard for safety software in 2005.\nRequirements   Based on this revision, the Department mandated that "software\n               that performs a control function necessary to provide adequate\n               protection from nuclear facility or radiological hazards" must meet\n               quality assurance standards for nuclear facilities, or an equivalent\n               standard. However, the Department has not yet determined\n               whether the control system software must meet quality assurance\n               requirements for safety software.\n\n               Although the control system is not the Plant\'s primary safety\n               system, it provides central communications for the Plant\'s pumps,\n               valves, and instruments, and the interfaces for operators to control\n               Plant activities, activities associated with the control of nuclear\n               hazards. For example, the autosampling control system, a\n               component of the integrated control network, is designed to limit\n               personnel exposure and maintains alarm and draining capabilities\n               in the event of a malfunction. According to a Departmental\n               software quality assurance official, working with the Office of\n               Inspector General on this review, functions performed by the\n               integrated control network comprise safety software as defined in\n               the Directive. Other quality assurance officials stated that further\n               review is necessary before they could conclusively determine\n               whether the Directive applies to functions of the integrated control\n               network. Given the findings in this report, the quality assurance\n\n\n\nPage 3                                                         Details of Finding\n\x0c                  standards applicable to the control system need to be examined\n                  from both an immobilized waste and a safety software perspective.\n\nEffect            The Department is at risk that the control system will not perform\n                  as needed thereby impacting the schedule, cost and safety of the\n                  $12 billion project. Additionally, the Department spent more than\n                  $13 million for the control system that was not acceptable for high-\n                  level waste immobilization operations of the Plant. Depending on\n                  the results of further testing of the system, the Department may be\n                  required to spend additional resources to either ensure that the\n                  control system meets the appropriate quality assurance standards,\n                  or to procure another control system that meets those standards.\n\n\nRECOMMENDATIONS   We recommend that the Assistant Secretary for Environmental\n                  Management:\n\n\n                     1. Ensure that the integrated control network for the Plant\n                        meets appropriate quality assurance standards for its\n                        immobilization of high-level waste functions;\n\n                     2. Determine whether the quality assurance requirements for\n                        safety software apply to the integrated control network;\n                        and,\n\n                     3. Direct the Office of River Protection to provide more\n                        stringent oversight of Bechtel National\'s procurement\n                        process, including a review of the adequacy of Bechtel\n                        National\'s procurement system.\n\n\nMANAGEMENT        Management stated that it is evaluating Bechtel National\'s\nREACTION          judgments made at the time of the procurement regarding the\n                  appropriate quality assurance classification of the integrated\n                  control network. Management indicated that it planned to provide\n                  more rigorous oversight of Bechtel National\'s procurement process\n                  and is initiating a review of Bechtel National\'s procurement\n                  system. Management also stated that it had initiated a separate\n                  review of both its and Bechtel National\'s quality assurance\n                  programs to determine whether appropriate quality assurance\n                  standards are implemented and whether systemic issues exist that\n                  need to be addressed. Finally, Management indicated that it will\n                  direct Bechtel national to ensure that the integrated control\n                  network meets current contractual nuclear safety and quality\n                  assurance standards.\n\n\n\nPage 4                                        Recommendations and Comments\n\x0c           As background, management indicated that during the 2000-2001\n           timeframe, it encouraged Bechtel National to move from a\n           compliance philosophy based on process control to a sampling\n           strategy in order to confirm the quality of the waste product.\n           Management thought that by moving towards a sampling strategy\n           it would significantly reduce the amount of equipment categorized\n           as affecting the quality of immobilized high-level waste. In\n           September 2002, the Department directed Bechtel National to\n           apply the sampling strategy, increasing the likelihood that the\n           integrated control network would no longer be classified as waste\n           quality affecting.\n\n           Based on the Department\'s direction, Bechtel National reclassified\n           the integrated control network from affecting the quality of high-\n           level waste to "To Be Determined." Management acknowledged\n           that a non-conservative approach accepting cost and schedule risk\n           drove the decision to purchase the control system as commercial\n           material. Management also stated that Bechtel National developed\n           a recovery plan in the 2001 timeframe, although not documented,\n           in the event the control system was later determined to have a\n           function essential to the high-level waste form function.\n\n           Management acknowledged that it is still not certain whether\n           component systems of the integrated control network are currently\n           waste quality affecting. Additionally, management stated that it\n           did not believe the internal control network comprise safety\n           software, as defined by the Department\'s Directive.\n\nAUDITOR    As stated in the body of the report, the procurement of the\nRESPONSE   control system as commercial material did not meet the quality\n           assurance standards required for an activity affecting the quality of\n           the Plant\'s immobilization of high-level waste at the time of\n           procurement. While changes to Bechtel National\'s quality\n           assurance procedures allowed the use of commercial materials for\n           non-safety systems, the revised procedures still required that items\n           and services affecting the quality of immobilized high-level waste\n           meet quality assurance standards for nuclear facilities. Further,\n           although Bechtel National reclassified the waste affecting function\n           of the system as "To Be Determined" in 2001, the company\n           subsequently identified components of the integrated control\n           network in its 2004 Determination of Immobilized High-Level\n           Waste Product Quality-Affecting Items and Activities list. As\n           such, the control system procurement should have been subject to\n           nuclear quality assurance standards since the procured control\n           system was and continues to be identified as a key component of\n           the control network.\n\n\n\nPage 5                                                             Comments\n\x0c         Further, we are concerned that the Department has not reviewed\n         the control system for compliance with the Departmental Directive\n         on safety software. Establishing the appropriate quality assurance\n         level for the software is important because the integrated control\n         network provides central communications for the Plant. For\n         example, the autosampling control system, a component of the\n         integrated control network, controls an alarm function and draining\n         capability in response to a malfunction.\n\n         Despite our disagreement on certain points, the actions initiated or\n         planned by Management, if fully implemented, are responsive to\n         concerns raised in the report.\n\n\n\n\nPage 6                                                           Comments\n\x0cAppendix 1\n\nOBJECTIVE     The objective of this audit was to determine if the integrated\n              control network met appropriate quality assurance standards.\n\n\nSCOPE         We conducted the audit from April 2006 to March 2007. The\n              scope of the audit covered the Waste Treatment Plant\'s integrated\n              control network.\n\n\nMETHODOLOGY   To accomplish the audit objective, we:\n\n                 \xe2\x80\xa2   Relied on technical assistance and analyses provided by a\n                     software quality assurance expert from the Department of\n                     Energy\'s (Department) Office of Environmental\n                     Management;\n\n                 \xe2\x80\xa2   Obtained and reviewed planning, quality control, and\n                     procurement documents for the Waste Treatment Plant;\n\n                 \xe2\x80\xa2   Researched Federal and Departmental regulations;\n\n                 \xe2\x80\xa2   Analyzed and assessed Bechtel National, Inc.\'s (Bechtel\n                     National) internal controls over its procurement of the\n                     integrated control network;\n\n                 \xe2\x80\xa2   Analyzed the Bechtel National contract with the Office of\n                     River Protection; and,\n\n                 \xe2\x80\xa2   Interviewed key personnel in the Office of Environmental\n                     Management, Office of Price-Anderson Enforcement,\n                     Office of River Protection, and Bechtel National.\n\n              The audit was conducted in accordance with generally accepted\n              Government auditing standards for performance audits and\n              included tests of internal controls and compliance with laws and\n              regulations to the extent necessary to satisfy the audit objective.\n              We assessed performance measures established under the\n              Government Performance and Results Act of 1993 related to the\n              Office of River Protection\'s Waste Treatment Plant at the Hanford\n              Site. Because our review was limited, it would not necessarily\n              have disclosed all internal control deficiencies that may have\n              existed at the time of our audit. We did not conduct a reliability\n              assessment of computer-processed data because only a limited\n              amount of computer-processed data was used during the audit.\n\n              We held an exit conference with management on March 1, 2007.\n\n\n\nPage 7                                    Objective, Scope, and Methodology\n\x0c                                                                    IG Report No. DOE/IG-0764\n\n                           CUSTOMER RESPONSE FORM\n\nThe Office of Inspector General has a continuing interest in improving the usefulness of its\nproducts. We wish to make our reports as responsive as possible to our customers\' requirements,\nand, therefore, ask that you consider sharing your thoughts with us. On the back of this form,\nyou may suggest improvements to enhance the effectiveness of future reports. Please include\nanswers to the following questions if they are applicable to you:\n\n1. What additional background information about the selection, scheduling, scope, or\n   procedures of the inspection would have been helpful to the reader in understanding this\n   report?\n\n2. What additional information related to findings and recommendations could have been\n   included in the report to assist management in implementing corrective actions?\n\n3. What format, stylistic, or organizational changes might have made this report\'s overall\n   message more clear to the reader?\n\n4. What additional actions could the Office of Inspector General have taken on the issues\n   discussed in this report which would have been helpful?\n\n5. Please include your name and telephone number so that we may contact you should we have\n   any questions about your comments.\n\n\nName                                          Date\n\nTelephone                                     Organization\n\n\nWhen you have completed this form, you may telefax it to the Office of Inspector General at\n(202) 586-0948, or you may mail it to:\n\n                               Office of Inspector General (IG-1)\n                                     Department of Energy\n                                    Washington, DC 20585\n\n                                  ATTN: Customer Relations\n\nIf you wish to discuss this report or your comments with a staff member of the Office of\nInspector General, please contact Judy Garland-Smith (202) 586-7828.\n\x0cThe Office of Inspector General wants to make the distribution of its reports as customer friendly and cost\n  effective as possible. Therefore, this report will be available electronically through the Internet at the\n                                             following address:\n\n                   U.S. Department of Energy Office of Inspector General Home Page\n                                        http://www.ig.doe.gov\n\n       Your comments would be appreciated and can be provided on the Customer Response Form\n                                      attached to the report.\n\x0c'